[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Apr 10 23:49:20 UTC 2019
The branch master has been updated
via 4660bdea07e185b96c3b91be3e3b0a38959626ac (commit)
from 6c7d80ab3b2a13074ca270a6d056c59ac431155a (commit)
- Log -----------------------------------------------------------------
commit 4660bdea07e185b96c3b91be3e3b0a38959626ac
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Thu Apr 11 09:47:12 2019 +1000
Added Test::ok_nofips, Test::is_nofips & Test::isnt_nofips methods.
Used to check that a test fails in fips mode i.e. ok_nofips(run(...))
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8661)
-----------------------------------------------------------------------
Summary of changes:
util/perl/OpenSSL/Test.pm | 70 +++++++++++++++++++++++++++++++++++++++--
util/perl/OpenSSL/Test/Utils.pm | 5 +--
2 files changed, 70 insertions(+), 5 deletions(-)
diff --git a/util/perl/OpenSSL/Test.pm b/util/perl/OpenSSL/Test.pm
index daf40cb..5d6e9d9 100644
--- a/util/perl/OpenSSL/Test.pm
+++ b/util/perl/OpenSSL/Test.pm
@@ -1,4 +1,4 @@
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -14,7 +14,7 @@ use Test::More 0.96;
use Exporter;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
-$VERSION = "0.8";
+$VERSION = "1.0";
@ISA = qw(Exporter);
@EXPORT = (@Test::More::EXPORT, qw(setup run indir cmd app fuzz test
perlapp perltest subtest));
@@ -22,7 +22,8 @@ $VERSION = "0.8";
srctop_dir srctop_file
data_file data_dir
pipe with cmdstr quotify
- openssl_versions));
+ openssl_versions
+ ok_nofips is_nofips isnt_nofips));
=head1 NAME
@@ -831,6 +832,63 @@ sub openssl_versions {
return @versions;
}
+=over 4
+
+=item B<ok_nofips EXPR, TEST_NAME>
+
+C<ok_nofips> is equivalent to using C<ok> when the environment variable
+C<FIPS_MODE> is undefined, otherwise it is equivalent to C<not ok>. This can be
+used for C<ok> tests that must fail when testing a FIPS provider. The parameters
+are the same as used by C<ok> which is an expression EXPR followed by the test
+description TEST_NAME.
+
+An example:
+
+ ok_nofips(run(app(["md5.pl"])), "md5 should fail in fips mode");
+
+=item B<is_nofips EXPR1, EXPR2, TEST_NAME>
+
+C<is_nofips> is equivalent to using C<is> when the environment variable
+C<FIPS_MODE> is undefined, otherwise it is equivalent to C<isnt>. This can be
+used for C<is> tests that must fail when testing a FIPS provider. The parameters
+are the same as used by C<is> which has 2 arguments EXPR1 and EXPR2 that can be
+compared using eq or ne, followed by a test description TEST_NAME.
+
+An example:
+
+ is_nofips(ultimate_answer(), 42, "Meaning of Life");
+
+=item B<isnt_nofips EXPR1, EXPR2, TEST_NAME>
+
+C<isnt_nofips> is equivalent to using C<isnt> when the environment variable
+C<FIPS_MODE> is undefined, otherwise it is equivalent to C<is>. This can be
+used for C<isnt> tests that must fail when testing a FIPS provider. The
+parameters are the same as used by C<isnt> which has 2 arguments EXPR1 and EXPR2
+that can be compared using ne or eq, followed by a test description TEST_NAME.
+
+An example:
+
+ isnt_nofips($foo, '', "Got some foo");
+
+=back
+
+=cut
+
+sub ok_nofips {
+ return ok(!$_[0], @_[1..$#_]) if defined $ENV{FIPS_MODE};
+ return ok($_[0], @_[1..$#_]);
+}
+
+sub is_nofips {
+ return isnt($_[0], $_[1], @_[2..$#_]) if defined $ENV{FIPS_MODE};
+ return is($_[0], $_[1], @_[2..$#_]);
+}
+
+sub isnt_nofips {
+ return is($_[0], $_[1], @_[2..$#_]) if defined $ENV{FIPS_MODE};
+ return isnt($_[0], $_[1], @_[2..$#_]);
+}
+
######################################################################
# private functions. These are never exported.
@@ -861,6 +919,12 @@ are located. Defaults to C<$TOP/test> (adapted to the operating system).
If defined, it puts testing in a different mode, where a recipe with
failures will result in a C<BAIL_OUT> at the end of its run.
+=item B<FIPS_MODE>
+
+If defined it indicates that the FIPS provider is being tested. Tests may use
+B<ok_nofips>, B<is_nofips> and B<isnt_nofips> to invert test results
+i.e. Some tests may only work in non FIPS mode.
+
=back
=cut
diff --git a/util/perl/OpenSSL/Test/Utils.pm b/util/perl/OpenSSL/Test/Utils.pm
index 18ef968..dcff6a5 100644
--- a/util/perl/OpenSSL/Test/Utils.pm
+++ b/util/perl/OpenSSL/Test/Utils.pm
@@ -1,4 +1,4 @@
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -53,6 +53,7 @@ STRING is "tls", or for all the available DTLS versions if STRING is
returned list can be used with B<alldisabled> and B<anydisabled>.
=item B<alldisabled ARRAY>
+
=item B<anydisabled ARRAY>
In an array context returns an array with each element set to 1 if the
@@ -67,6 +68,7 @@ disabled.
Returns an item from the %config hash in \$TOP/configdata.pm.
=item B<have_IPv4>
+
=item B<have_IPv6>
Return true if IPv4 / IPv6 is possible to use on the current system.
@@ -225,7 +227,6 @@ sub have_IPv6 {
return $have_IPv6;
}
-
=head1 SEE ALSO
L<OpenSSL::Test>
More information about the openssl-commits
mailing list